So I am trying to test a SOAP endpoint with SoapUI.
This is how my SOAP request looks like
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns="http://docs.oasis-open.org/ws-sx/ws-trust/200512" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<soapenv:Header>
<o:Security soapenv:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<o:UsernameToken u:Id="uuid-6a13a244-dac6-42c1-84c5-cbb345b0c4c4-1">
<o:Username>username</o:Username>
<o:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</o:Password>
</o:UsernameToken>
</o:Security>
</soapenv:Header>
<soapenv:Body>
<ns:RequestSecurityToken Context="?">
<!--You may enter ANY elements at this point-->
</ns:RequestSecurityToken>
</soapenv:Body>
</soapenv:Envelope>
I keep getting this response
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<soap:Fault>
<faultcode>soap:MustUnderstand</faultcode>
<faultstring>MustUnderstand headers: [{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Security] are not understood.</faultstring>
</soap:Fault>
</soap:Body>
</soap:Envelope>
If I change the value of mustUnderstand to 0, it gives this error
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<soap:Fault>
<faultcode>soap:Server</faultcode>
<faultstring>These policy alternatives can not be satisfied:
{http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/}SupportingTokens
{http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/}UsernameToken</faultstring>
</soap:Fault>
</soap:Body>
</soap:Envelope>
My security policy looks like below:
<wsp:Policy xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
wsu:Id="UserNameWSTrustBinding_IWSTrust13Async_policy">
<wsp:ExactlyOne>
<wsp:All>
<sp:SupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/">
<wsp:Policy>
<sp:UsernameToken
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
<wsp:Policy></wsp:Policy>
</sp:UsernameToken>
</wsp:Policy>
</sp:SupportingTokens>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
Not sure what I am missing now. Does anyone know what I am missing?
I figured out the answer. We were not using org.apache.cxf:cxf-rt-ws-security and org.apache.cxf:cxf-rt-ws-policy jars. I will write a post to explain this in detail.
Related
Before this project I never worked with SOAP. So I followed all of the instructions from: https://wktaaeu.force.com/nlcommunity/s/article/Setting-up-OAuth-2-0-Introduction?language=en_US and used the Postman templates on that page to make SOAP requests.
After a while I got the Access Token and company code, but I can't find out how to make other requests. With every request that I try to make from different sources on the internet I get the following error:
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<soap:Body>
<soap:Fault>
<faultcode>soap:Server</faultcode>
<faultstring>Server was unable to process request. ---> Object reference not set to an instance of an object.</faultstring>
<detail />
</soap:Fault>
</soap:Body>
</soap:Envelope>
Im making a mistake why every request fails but I can't figure it out.
Examples of different requests I tried
This one I took from: Postman Twinfield API request deleted transactions
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
<s:Header>
<h:Authentication xmlns:h="http://www.twinfield.com/" xmlns:i="http://www.w3.org/2001/XMLSchema-instance">
<AccessToken xmlns="http://schemas.datacontract.org/2004/07/Twinfield.WebServices.Shared">ACCESS_TOKEN</AccessToken>
<CompanyCode xmlns="http://schemas.datacontract.org/2004/07/Twinfield.WebServices.Shared">35f3248f-46cc-4a8e-b16c-69ac65118771</CompanyCode>
</h:Authentication>
</s:Header>
<s:Body>
<Query i:type="b:GetDeletedTransactions" xmlns="http://www.twinfield.com/" xmlns:a="http://schemas.datacontract.org/2004/07/Twinfield.WebServices" xmlns:i="http://www.w3.org/2001/XMLSchema-instance" xmlns:b="http://schemas.datacontract.org/2004/07/Twinfield.WebServices.DeletedTransactionsService">
<b:CompanyCode>COMPANY_CODE</b:CompanyCode>
<b:DateFrom>2022-01-01T00:00:00</b:DateFrom>
<b:DateTo>2022-12-31T23:59:00</b:DateTo>
<b:Daybook></b:Daybook>
</Query>
</s:Body>
</s:Envelope>
Second try was by myself from the docs:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:twin="http://www.twinfield.com/">
<soapenv:Header>
<twin:Header>
<twin:AccessToken>ACCESS_TOKEN</twin:AccessToken>
</twin:Header>
</soapenv:Header>
<soapenv:Body>
<twin:ProcessXmlString>
<twin:xmlRequest><![CDATA[<list><type>offices</type></list>]]></twin:xmlRequest>
</twin:ProcessXmlString>
</soapenv:Body>
</soapenv:Envelope>
Last one also made by my reading the docs:
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:twinfield="http://www.twinfield.com/">
<soap:Header>
<twinfield:Header>
<twinfield:AccessToken>ACCESS_TOKEN</twinfield:AccessToken>
<twinfield:CompanyCode>COMPANY_CODE</twinfield:CompanyCode>
</twinfield:Header>
</soap:Header>
<soap:Body>
<twinfield:ProcessXmlDocument>
<twinfield:xmlRequest>
<read>
<type>dimensions</type>
<office>COMPANY_CODE</office>
<dimtype>SALARIS</dimtype>
<code>1234</code>
</read>
</twinfield:xmlRequest>
</twinfield:ProcessXmlDocument>
</soap:Body>
</soap:Envelope>
I'v had the same struggle as you are going through, after a while I contacted Twinfield about this and they offered me a slightly different soap xml, this is no where explained nor noted down but it worked so maybe it will work for you as well:
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
<s:Header>
<h:Authentication xmlns:h="http://www.twinfield.com/" xmlns:i="http://www.w3.org/2001/XMLSchema-instance">
<AccessToken xmlns="http://schemas.datacontract.org/2004/07/Twinfield.WebServices.Shared">{{Accescode}}</AccessToken>
<CompanyCode xmlns="http://schemas.datacontract.org/2004/07/Twinfield.WebServices.Shared">{{Company}}</CompanyCode>
</h:Authentication>
</s:Header>
<s:Body>
<Query i:type="b:GetDeletedTransactions" xmlns="http://www.twinfield.com/" xmlns:a="http://schemas.datacontract.org/2004/07/Twinfield.WebServices" xmlns:i="http://www.w3.org/2001/XMLSchema-instance" xmlns:b="http://schemas.datacontract.org/2004/07/Twinfield.WebServices.DeletedTransactionsService">
<b:CompanyCode>{{Company}}</b:CompanyCode>
<b:DateFrom>2022-06-01T00:00:00</b:DateFrom>
<b:DateTo>2022-07-30T23:59:00</b:DateTo>
<b:Daybook></b:Daybook>
</Query>
</s:Body>
</s:Envelope>
As you can see there a few parameters that you need to set the "Company" and the "Access code"
for the company list I've been using this xml request:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:twin="http://www.twinfield.com/">
<soapenv:Header>
<twin:Header>
<twin:AccessToken>{{Accescode}}</twin:AccessToken>
</twin:Header>
</soapenv:Header>
<soapenv:Body>
<twin:ProcessXmlString>
<twin:xmlRequest><![CDATA[<list><type>offices</type></list>]]></twin:xmlRequest>
</twin:ProcessXmlString>
</soapenv:Body>
</soapenv:Envelope>
if these dont work it might be that your licence within the twinfield environment needs to be adjusted so you've access to this.
I am using soap to call CreateEnvelopeFromTemplates. I am embedding the security header at the top and I am getting the response below. Any ideas on what could be wrong.
My security header is:
<soap:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken wsu:Id="UsernameToken-1" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:Username>981ec272-3f9a-4cd8-83a9-062f82fce46c</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">abcdefgh</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soap:Header>
The Response is:
This Account lacks sufficient permissions.
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<soap:Header>
<wsa:Action>http://schemas.xmlsoap.org/ws/2004/08/addressing/fault</wsa:Action>
<wsa:MessageID>urn:uuid:2a38012a-5ae0-4077-8b81-08a808c62e60</wsa:MessageID>
<wsa:RelatesTo>urn:uuid:6c1f1484-c546-49be-b181-4d75f5dd08a5</wsa:RelatesTo>
<wsa:To>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:To>
<wsse:Security>
<wsu:Timestamp wsu:Id="Timestamp-10879099-ff09-4aa8-bcb8-7f2cf8819781">
<wsu:Created>2019-01-08T16:04:53Z</wsu:Created>
<wsu:Expires>2019-01-08T16:09:53Z</wsu:Expires>
</wsu:Timestamp>
</wsse:Security>
</soap:Header>
<soap:Body>
<soap:Fault>
<faultcode>soap:Client</faultcode>
<faultstring>This Account lacks sufficient permissions. </faultstring>
<faultactor>missing in Web.Config</faultactor>
<detail>
<ErrorCode xmlns="missing in Web.Config">111</ErrorCode>
<ErrorReason xmlns="missing in Web.Config">This Account lacks sufficient permissions.</ErrorReason>
</detail>
</soap:Fault>
</soap:Body>
</soap:Envelope>
You need to embed your Integrator Key in the Username element, using brackets. Most of the examples shown in the authentication section of the SOAP API guide pre-date Integrator Keys and don't show it for UsernameToken.
Example:
<wsse:Username>[BILL- 9048-469a-a9e9-211cef79e5f3]2988541c-4ec7-4245-b520-f2d324062ca3</wsse:Username>
I have credentials for VMware SSO-server. I make attempts to send SOAP-request for acquiring a SAML-token from server:
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:ns="http://docs.oasis-open.org/ws-sx/ws-trust/200512"
xmlns:oas1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:urn="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:xd="http://www.w3.org/2000/09/xmldsig#"
xmlns:sam="http://www.rsa.com/names/2009/12/std-ext/SAML2.0"
xmlns:oas="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200802"
xmlns:add="http://www.w3.org/2005/08/addressing"
xmlns:adv="http://www.rsa.com/names/2009/12/std-ext/WS-Trust1.4/advice">
<soapenv:Header>
<wsse:Security
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsu:Created>2017-01-24T20:03:20.344Z</wsu:Created>
<wsu:Expires>2017-01-30T20:03:20.344Z</wsu:Expires>
</wsu:Timestamp>
<wsse:UsernameToken>
<wsse:Username>username</wsse:Username>
<wsse:Password>password</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
<soapenv:Body>
<ns:RequestSecurityToken>
<ns:TokenType>urn:oasis:names:tc:SAML:2.0:assertion</ns:TokenType>
<ns:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</ns:RequestType>
<ns:Lifetime>
<oas1:Created>2017-01-24T20:03:20.344Z</oas1:Created>
<oas1:Expires>2017-01-30T20:03:20.344Z</oas1:Expires>
</ns:Lifetime>
<ns:Renewing Allow="false" OK="true"/>
<ns:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer</ns:KeyType>
<ns:SignatureAlgorithm>http://www.w3.org/2001/04/xmldsig-more#rsa-sha256</ns:SignatureAlgorithm>
</ns:RequestSecurityToken>
</soapenv:Body>
</soapenv:Envelope>
But I receive such error message:
<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
<S:Body>
<S:Fault xmlns:ns4="http://www.w3.org/2003/05/soap-envelope">
<faultcode>S:Server</faultcode>
<faultstring>org.xml.sax.SAXParseException</faultstring>
</S:Fault>
</S:Body>
</S:Envelope>
Could anyone explain where is my mistake in the SOAP-request?
I'm using the SOA Client Firefox addon to sent out a a SOAP request to some ONVIF cameras. Below you will see the request for the 'GetServices' request. It works fine for one camera, but for another (AXIS camera) I get the error: 'Invalid SOAP message or SOAP version mismatch'.
There are other questions about this. But none of the answers were clear to me. One mentioned changing to soap version 1.2 (how do I do this?). And this one seems to be solved by a brief comment: Onvif - Invalid SOAP message or SOAP version mismatch
If anyone thinks it is relevant to my case, could you expand on it please.
URL = http://10.253.253.2/onvif/device_service
Method = POST
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:ns0="http://www.onvif.org/ver10/device/wsdl"
xmlns:ns1="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Header>
<wsse:Security mustUnderstand="true">
<wsse:UsernameToken>
<wsse:Username>admin</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">sLOOZG8o+369zaBclGwn4+tjOac=</wsse:Password>
<wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">NWQyMzVjNGNhYmIxMTQ1ZjEzZWVlYzcyZDkzZjcwODI=</wsse:Nonce>
<wsu:Created>2015-07-27T15:47:31.178534Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
</SOAP-ENV:Header>
<ns1:Body>
<ns0:GetServices>
<ns0:IncludeCapability>false</ns0:IncludeCapability>
</ns0:GetServices>
</ns1:Body>
</SOAP-ENV:Envelope>
And the error response...
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:c14n="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsa5="http://www.w3.org/2005/08/addressing" xmlns:xmime="http://tempuri.org/xmime.xsd" xmlns:xop="http://www.w3.org/2004/08/xop/include" xmlns:wsrfbf="http://docs.oasis-open.org/wsrf/bf-2" xmlns:wstop="http://docs.oasis-open.org/wsn/t-1" xmlns:tt="http://www.onvif.org/ver10/schema" xmlns:wsrfr="http://docs.oasis-open.org/wsrf/r-2" xmlns:aa="http://www.axis.com/vapix/ws/action1" xmlns:aev="http://www.axis.com/vapix/ws/event1" xmlns:ali1="http://www.axis.com/vapix/ws/light/CommonBinding" xmlns:ali2="http://www.axis.com/vapix/ws/light/IntensityBinding" xmlns:ali3="http://www.axis.com/vapix/ws/light/AngleOfIlluminationBinding" xmlns:ali4="http://www.axis.com/vapix/ws/light/DayNightSynchronizeBinding" xmlns:ali="http://www.axis.com/vapix/ws/light" xmlns:tan1="http://www.onvif.org/ver20/analytics/wsdl/RuleEngineBinding" xmlns:tan2="http://www.onvif.org/ver20/analytics/wsdl/AnalyticsEngineBinding" xmlns:tan="http://www.onvif.org/ver20/analytics/wsdl" xmlns:tds="http://www.onvif.org/ver10/device/wsdl" xmlns:tev1="http://www.onvif.org/ver10/events/wsdl/NotificationProducerBinding" xmlns:tev2="http://www.onvif.org/ver10/events/wsdl/EventBinding" xmlns:tev3="http://www.onvif.org/ver10/events/wsdl/SubscriptionManagerBinding" xmlns:wsnt="http://docs.oasis-open.org/wsn/b-2" xmlns:tev4="http://www.onvif.org/ver10/events/wsdl/PullPointSubscriptionBinding" xmlns:tev="http://www.onvif.org/ver10/events/wsdl" xmlns:timg="http://www.onvif.org/ver20/imaging/wsdl" xmlns:tptz="http://www.onvif.org/ver20/ptz/wsdl" xmlns:trt="http://www.onvif.org/ver10/media/wsdl" xmlns:ter="http://www.onvif.org/ver10/error" xmlns:tns1="http://www.onvif.org/ver10/topics" xmlns:tnsaxis="http://www.axis.com/2009/event/topics">
<SOAP-ENV:Body>
<SOAP-ENV:Fault SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
<SOAP-ENV:Code>
<SOAP-ENV:Value>env:VersionMismatch</SOAP-ENV:Value>
</SOAP-ENV:Code>
<SOAP-ENV:Reason>
<SOAP-ENV:Text xml:lang="en">SOAP version mismatch</SOAP-ENV:Text>
</SOAP-ENV:Reason>
<SOAP-ENV:Detail>
<SOAP-ENV:Text>Invalid SOAP message or SOAP version mismatch</SOAP-ENV:Text>
</SOAP-ENV:Detail>
</SOAP-ENV:Fault>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
UPDATE
I've since discovered that to change to SOAP v1.2 you need to use
http://www.w3.org/2003/05/soap-envelope instead of http://schemas.xmlsoap.org/soap/envelop.
I tried that (two replacements in above code) but then it did not work in either camera. I cant see what I'm doing wrong.
Ok figured it out. The axis camera needs SOAP v1.2. And the differences between the versions are: the namespace url for xmlns:SOAP-ENV; the content-type and action in the http header.
ONVIF using SOAP v1.1 ...
url = http://10.253.253.159/onvif/device_service
Method = POST
http header = Content-Type: text/xml; charset=utf-8; action="http://www.onvif.org/ver10/device/wsdl/GetSystemDateAndTime";
<SOAP-ENV:Envelope
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:wsdl="http://www.onvif.org/ver10/device/wsdl"
xmlns:sch="http://www.onvif.org/ver10/schema"
>
<SOAP-ENV:Header>
<wsse:Security mustUnderstand="true">
<wsse:UsernameToken>
<wsse:Username>admin</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0">admin</wsse:Password>
<wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">NWQyMzVjNGNhYmIxMTQ1ZjEzZWVlYzcyZDkzZjcwODI=</wsse:Nonce>
<wsu:Created>2015-07-27T15:47:31.178534Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
</SOAP-ENV:Header>
<SOAP-ENV:Body>
<wsdl:GetSystemDateAndTime/>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
ONVIF using SOAP v1.2 ...
url = http://10.253.253.159/onvif/device_service
Method = POST
http header = Content-Type: application/soap+xml; charset=utf-8;
<SOAP-ENV:Envelope
xmlns:SOAP-ENV="http://www.w3.org/2003/05/soap-envelope"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:wsdl="http://www.onvif.org/ver10/device/wsdl"
xmlns:sch="http://www.onvif.org/ver10/schema"
>
<SOAP-ENV:Header>
<wsse:Security mustUnderstand="true">
<wsse:UsernameToken>
<wsse:Username>admin</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0">admin</wsse:Password>
<wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">NWQyMzVjNGNhYmIxMTQ1ZjEzZWVlYzcyZDkzZjcwODI=</wsse:Nonce>
<wsu:Created>2015-07-27T15:47:31.178534Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
</SOAP-ENV:Header>
<SOAP-ENV:Body>
<wsdl:GetSystemDateAndTime/>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
#spiderplant0 gave the corrent answer. In my case i had a SoapUI project and i was trying to call a Soap 1.2 endpoint. I configured the WS-Security into this project, and i used the wrong namespace "http://schemas.xmlsoap.org/soap/envelope/" in the Signature step, specifically in the Body part. Because of this misconfiguration, the endpoint kept telling me that it "could not validate request: security processing failed (actions mismatch)", which didn't make sense to me, as the WS-Security steps were given in the correct order.
I replaced the wrong namespace with the correct one "http://www.w3.org/2003/05/soap-envelope", and it worked!
Thanks to #spiderplant0 for pointing this out!
I am using the DocuSign API WSDL in my SOAP UI and trying to call a method but getting the error User_Authentication_Failed - Missing authentication header
In some post seen that Security token need to to use but not getting the security token in docusign instead we have Integrator key value.
Please if someone can provide the guidance here.
My SOAP UI request is:
<soapenv:Envelope xmlns:ns="http://www.docusign.net/API/3.0" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Header>
<wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken wsu:Id="UsernameToken-2" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:Username>haider#abcd.com</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">HR123456</wsse:Password>
<wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">iJwabpA/2j2ooh7deCAVcg==</wsse:Nonce>
<wsu:Created>2014-07-24T17:46:39.991Z</wsu:Created>
</wsse:UsernameToken>
<wsu:Timestamp wsu:Id="Timestamp-1" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsu:Created>2014-07-24T17:46:19.730Z</wsu:Created>
<wsu:Expires>2014-07-24T17:56:19.730Z</wsu:Expires>
</wsu:Timestamp>
</wsse:Security>
</soapenv:Header>
<soapenv:Body>
<ns:RequestPDF>
<!--Optional:-->
<ns:EnvelopeID>01f90b51-7cf4 -48a1-8946-2795fc970b77</ns:EnvelopeID>
</ns:RequestPDF>
</soapenv:Body>
</soapenv:Envelope>
Getting Response as:
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<soap:Header>
<wsa:Action>http://schemas.xmlsoap.org/ws/2004/08/addressing/fault</wsa:Action>
<wsa:MessageID>urn:uuid:6e9fbf02-7c18-4d65-bbfc-f828cf51bb57</wsa:MessageID>
<wsa:RelatesTo>urn:uuid:7e7b4a69-834f-4906-9b92-a16cc8f6d32b</wsa:RelatesTo>
<wsa:To>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:To>
<wsse:Security>
<wsu:Timestamp wsu:Id="Timestamp-659010d2-c16b-479a-ae43-169846a7898c">
<wsu:Created>2014-07-24T17:47:54Z</wsu:Created>
<wsu:Expires>2014-07-24T17:52:54Z</wsu:Expires>
</wsu:Timestamp>
</wsse:Security>
</soap:Header>
<soap:Body>
<soap:Fault>
<faultcode>soap:Server</faultcode>
<faultstring>User_Authentication_Failed - Missing authentication header</faultstring>
<detail/>
</soap:Fault>
</soap:Body>
</soap:Envelope>
The documentation below may be a better outline of using authentication headers and the endpoint URL's:
https://www.docusign.com/p/APIGuide/APIGuide.htm#Introduction+Changes/Authentication.htm%3FTocPath%3DAuthentication%7C_____0
Below also outlines the above with Send On Behalf Of:
https://www.docusign.com/p/APIGuide/APIGuide.htm#Introduction+Changes/Send On Behalf Of Functionality.htm%3FTocPath%3DAuthentication%7C_____2
Since the header type you choose also determines which endpoint URL you should use, below are examples for the demo environment:
HTTP = https://demo.docusign.net/api/3.0/dsapi.asmx
SOAP = https://demo.docusign.net/api/3.0/api.asmx
Because you are utilizing SOAP, the correct endpoint would be the api.asmx.
In SOAP UI, you can:
Select the endpoint drop down from the top
[edit current]
Populate the following URL:
https://demo.docusign.net/api/3.0/api.asmx
You would also need to add your Integrator Key as well inside the authentication. The integrator key should always be in brackets "[ ]" as well.My example below:
<soap:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" soap:mustUnderstand="1">
<wsse:UsernameToken wsu:Id="UsernameToken-1">
<wsse:Username>[INTEGRATOR KEY]DS USERNAME</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">[PASSWORD]</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soap:Header>
In SOAP UI you will add the header and value for the request. Select the header button at the footer of the page and select add. You will add your authentication header here.